Module 3 Flashcards
What word is used today to refer to network-connected hardware devices?
Device
Host
Endpoint
Client
Endpoint
Devices connected to a network today are far more than computing devices with a keyboard and monitor. Instead, devices ranging from mobile smartphones and tablets to wearable fitness trackers, industrial control system sensors, automotive telematics units, and even personal drones are all network-connected hardware devices. The word endpoint has become an accurate description of today’s end-user technology devices.
Which of the following attacks is based on a website accepting user input without sanitizing it?
XSS
SSXRS
SQLS
RSS
In a cross-site scripting (XSS) attack, a website that accepts user input without validating it (called sanitizing) and uses that input in a response can be exploited.
Which statement regarding a keylogger is NOT true?
- Software keyloggers can be designed to send captured information automatically back to the attacker through the Internet.
- Software keyloggers are generally easy to detect.
- Hardware keyloggers are installed between the keyboard connector and computer keyboard USB port.
- Keyloggers can be used to capture passwords, credit card numbers, or personal information.
Software keyloggers are difficult to detect because a type of rootkit is used to conceal their presence.
Which of the following is technology that imitates human abilities?
XLS
ML
AI
RC
Artificial intelligence (AI) at its core may be defined as technology that imitates human abilities.
Which of the following manipulates the trusting relationship between web servers?
CSRF
EXMAL
SSRF
SCSI
A server-side request forgery (SSRF) takes advantage of a trusting relationship between web servers. SSRF attacks exploit how a web server processes external information received from another server.
Juan, a cybersecurity expert, has been hired by an organization whose networks have been compromised by a malware attack. After analyzing the network systems, Juan submits a report to the company mentioning that the devices are infected with malware that uses a split infection technique on files.
Which malware attack is Juan reporting?
RAT
Spyware
Cryptomalware
Virus
The split infection technique is characteristic of a type of virus that lodges malicious code in multiple locations within the file. It is normally placed randomly in various parts of the infected file.
What does ransomware do to an endpoint device?
- Ransomware attacks the endpoint device without the consent of the user or the device, discreetly collecting and transmitting information, causing harm to the end user.
- Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
- Ransomware gets accidentally installed in the endpoint device as software along with other programs during the installation process. This happens when the user’s installation and download options are overlooked, thus affecting the user application adversely.
- Ransomware infects the endpoint devices and launches attacks on the infected endpoint and other devices connected to the network.
- Ransomware attacks the endpoint device holding it hostage by preventing it from functioning unless the user fulfills the ransom payment demanded.
“Ransomware is an imprison malware that takes control of the endpoint device, affecting the device’s performance until the user pays a ransom to the attacker.”
Smitha, an employee working in the accounts department, reported to the information security officer that she could not access her computer. James, the security officer, noticed the following on Smitha’s system:
On booting the computer, the following message was flashing on the computer screen with the IRS logo:
“This computer is locked by the Internal Revenue Service. It has come to our attention that you are transferring funds to other agencies using this computer without compliance with the local income tax laws. As per section 22 of the U.S. Income Tax Act, the transmission of funds without applicable taxes is prohibited. Your IP address is identified in this fraudulent transaction and is locked to prevent further unlawful activities. This offense attracts a penalty of $400.00 for the first offense. You are hereby given 16 hours to resolve this issue, failing which you shall be prosecuted to the full extent of the law. You may make a secure payment by clicking on the following link. If you face any issues, you may reach out to us at compliance@irs.gov.us.”
The message will not close, nor is there access to applications or files on the computer; however, James can open shared files and folders on Smitha’s computer through the network.
What is your inference about the problem faced by Smitha on her computer?
Smitha’s computer is compromised by cryptomalware.
Smitha’s computer is compromised by spyware.
Smitha’s computer is compromised by ransomware.
Smitha’s computer is compromised by a PUP.
Ransomware pretends to block the computer, giving a seemingly valid reason and instructing the user to pay a fine before being allowed to use the device. James’s observations of Smitha’s computer show it is most likely compromised by a ransomware attack.
Which of the following is a feature of a fileless virus?
Fileless viruses grant limited control.
Fileless viruses are easy to defend.
Fileless viruses are persistent.
Fileless viruses are easy to detect.
Fileless viruses grant limited control.
Zeda Corporation provides online training solutions to global customers. To provide e-learning solutions, it integrates with multiple vendor platforms. This ensures seamless transfer to multiple operators’ solutions through sign on. Joe, an IT security administrator, noticed that a threat actor has attacked the platform and stolen the user data. The source of this vulnerability was identified as one of the integrated external applications.
What type of attack is this?
This is an API attack.
This is a backdoor attack.
This is an AI attack.
This is a device driver manipulation attack.
The integration of a vendor platform with the Zeda platform for single sign-on through API integration has caused the attack. One of the vendors has exposed the vulnerability through improper API integration.
Japan’s cybercrime control center noticed that around 200,000 Tokyo computers are infected by bots, and all these bots are remotely controlled by a single attacker. What is this attacker referred to as?
Zombie
Botnet
Payload
Bot herder
A bot herder is the administrator or controller of the logical network of all devices infected by the attacker-created bots. In most cases, the device user is unaware of the bot herder’s influence on the endpoint.
Which of the following is a form of malware attack that uses specialized communication protocols?
Keylogger
Spyware
RAT
Bot
RAT has the functionality of a Trojan while also using specialized communication protocols that allow unauthorized access to the entire infected system.
What type of attack occurs when the threat actor snoops and intercepts the digital data transmitted by the computer and resends that data, impersonating the user?
Trojan
Buffer overflow
Replay
Device driver manipulation
A replay attack copies data transmitted by the computer’s user and then uses it for an attack. Replay attacks are commonly used against digital identities. After intercepting and copying the data, the threat actor later retransmits selected and edited portions of the copied communications to impersonate the legitimate user.
A web application with an SQL server database is found to be compromised by an attacker. On examination, the email IDs of the database have been found modified. This was due to improper validation in the input fields exploited by the attacker.
What is the probable attack in the above scenario?
XML Injection
XSS
SQL Injection
SSRF
Attacks that introduce new input to exploit a vulnerability are called injections. One of the most common injection attacks is an SQL injection, which inserts statements that manipulate a database server.
Kate decides to download an extension to her favorite browser to quickly store links on her spreadsheet software. While downloading the software, she ignores the opt-out check box that allows the extension to download a search toolbar.
What has occurred here?
Kate has installed a Trojan.
Kate has installed an injection.
Kate has installed a backdoor.
Kate has installed a potentially unwanted program (PUP).
Kate has installed a potentially unwanted program (PUP).
An additional program was installed along with the program Kate intended to install because she overlooked the opt-out check box.